Hi Guys,

So we've got a few data centres spread across the world and are looking to
upgrade from Puppet v4 to Puppet v6.

At the moment we just have the one CA in the original DC (fast growing 
company).

I like the idea of having a separate CA in each DC and having the "local" 
machine use that - simples .. ;)

However, I'd like to know if there are any sane alternatives as I'll need 
to persuade the rest of the team/mgrs.
Is it possible/sane to just build a CA in each DC but have it not active
and then rsync the certs across every hour/day from the active CA & bring
it up if (i.e. when) the main CA/DC goes away?

Are there any other sensible ideas out there?
Ideally, what is the recommended best practice by Puppet (we are on the
FOSS version, so I can't ask them)?

FWIW, we use Foreman to keep an eye on stuff & I believe(?) it could be 
tricky to have multiple CAs talking to it ??
(I know nothing about how the foreman - puppet cxn works).

Cheers
Chris
